The WebAuthn auth provider

This component contains an out of the box a WebAuthn implementation. To use this project, add the following dependency to the dependencies section of your build descriptor:

  • Maven (in your pom.xml):

<dependency>
 <groupId>io.vertx</groupId>
 <artifactId>vertx-auth-webauthn</artifactId>
 <version>4.0.0.Beta1</version>
</dependency>
  • Gradle (in your build.gradle file):

compile 'io.vertx:vertx-auth-webauthn:4.0.0.Beta1'

WebAuthn is the JavaScript API of the FIDO2 protocol by the FIDO alliance. FIDO2 is a "passwordless" authentication mechanism and the JavaScript API is more known as WebAuthn.

WebAuthn allows users to authenticate using a secure device or token and no passwords are exchange between the browser and the server (also known as Relay Party).

The current implementation supports both authentication and device attestation.

Device attestation is a verification of the device itself. Currently the following attestations are implemented:

  • U2F (FIDO-U2F tokens, e.g.: Yubikey’s)

  • Packed

  • Android Key

  • Android Safetynet

Still not implemented are:

  • TPM